pyspf 2.0.9

Installation
------------

This package requires PyDNS (or Py3DNS for running with Python 3) and either
the ipaddr module or python3.3 and later. PyDNS is available at
http://pydns.sourceforge.net. Binary and source RPMs for PyDNS are also
available from http://pymilter.sourceforge.net. Py3DNS is available on pypi
and at https://launchpad.net/py3dns. The ipaddr module is available from
http://code.google.com/p/ipaddr-py or as part of the Python standard library
starting with python3.3 (as ipaddress). This package requires authres from
either pypi or http://launchpad.net/authentication-results-python to process
and generate RFC 5451 Authentication Results headers.

After unpacking the source distribution, install this in your site-specific Python extension directory::

  % python setup.py build
  % su
  # python setup.py install

The minimum Python version required is python2.6. The spf module in this
version has been tested with python3.2 and does not require using 2to3. It
will work with all versions of pydns or py3dns. It works either with the
stand alone ipaddr module or the standard library ipaddress module.

Testing
-------

After this package is installed, cd into the test directory and
execute testspf.py.

This runs the SPF council test-suite as of when this package was built.
It does not test the pyDNS installation, but uses an internal driver.
This avoids changing results due to DNS timeouts.

In addition, spf.py runs an internal self-test every time it is used from the
command line.

If you're running on Mac OS X, and it looks like DNS.DiscoverNameServers()
is failing, you'll need to edit your /etc/resolv.conf and specify a
domain name. For some reason, OS X writes out resolv.conf with a single
'domain' line, which isn't good at all. Later versions of py3dns have been
updated to better support Mac OS X.

Description
===========

SPF does email sender validation. For more information about SPF,
please see http://www.openspf.net/

One incompatible change was introduced in version 1.7. Prior to version 1.7,
connections from a local IP address (127...) would always return a Pass
result. The special case was eliminated. Programs calling pySPF should not
do SPF checks on locally submitted mail.

This SPF client is intended to be installed on the border MTA, checking
if incoming SMTP clients are permitted to forward mail. The SPF check
should be done during the MAIL FROM:<...> command.

There are two ways to use this package. The first is from the command
line::

  % python spf.py {ip-addr} {mail-from} {helo}

The first element in the tuple is one of 'pass', 'fail', 'neutral', 'softfail',
'unknown', or 'error'. The second is the SMTP response status code: 550 for
'fail', 450 for 'error' and 250 for all else. The third is an explanation.

Note: SPF results alone are never sufficient to decide that a message should be
accepted. Accept, reject, or defer decisions are a function of local receiver
policy.

The first element in the tuple is one of 'pass', 'fail', 'neutral', 'softfail',
'permerror', or 'temperror'. The second is an explanation.

This package also provides two additional helper scripts: type99.py and
spfquery.py. The type99.py script will convert DNS TXT strings to a binary
equivalent suitable for use in a BIND zone file. The spfquery.py script is a
Python reimplementation of Wayne Schlitt's spfquery command line tool.

The input file format is a standard BIND Zone file. The type99 script will add
a Type99 record for each TXT record found in the file. Use of DNS type 99
(type SPF) was removed from SPF in RFC 7208, so this script should be of
historical interest only.

The spfquery.py script is called with a number of possible options. Options can
either use standard '-' prefix or be PERL style long options, '--'. Supported
options are:

"--file" or "-file" {filename}: Read the query (or queries) from the designated file. If {filename} is '0', then query inputs are read from STDIN.

"--ip" or "-ip" {address}: Client IP address to use for SPF check.

"--sender" or "-sender" {Mail From address}: Envelope sender from which mail was received.

"--helo" or "-helo" {client hostname}: HELO/EHLO name used by SMTP client.

"--local" or "-local" {local policy SPF string}: Additional SPF mechanisms to be checked on the basis of local policy. Note that local policy matches are not strictly SPF results. Local policy processing is not defined in RFC 4408 or RFC 7208. Result may vary among SPF implementations.

"--rcpt-to" or "-rcpt-to" {rcpt-to address - if available}: Receipt to address is not used for actual SPF processing, but if available it can be useful for logging, spf-received header construction, and providing useful rejection messages when messages are rejected due to SPF.

"--sanitize" or "-sanitize" and "--debug" or "-debug": These options are no-op in the Python implementation, but are valid inputs to provide compatibility with input files developed to work with the original PERL and C spfquery implementations.

Overall per SPF check time limits can be controlled by passing querytime
to the spf.check2 function or when initializing a spf.query object.
It is set to 20 seconds by default based on RFC 7208. If querytime is set to
0, then the overall time limit is disabled and the per DNS lookup limit is used
instead. This defaults to 20 seconds and can be controlled via
spf.MAX_PER_LOOKUP_TIME. RFC 4408 says that the overall limit MAY be used and
recommends no less than 20 seconds if it is. RFC 7208 is stronger, so a
default limit aligned to the RFC requirements is now used.
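The following is an added example, not part of pyspf or its original README. It shows how a border MTA hook might combine the points above: skip locally submitted mail, call spf.check2 with a querytime limit, and turn the two-element result into a local-policy decision. The names POLICY, spf_decision and stub_check2, the canned results and the policy mapping itself are assumptions made for illustration.

```python
import ipaddress

# One possible receiver policy (an assumption of this example), reusing the
# status codes this README gives: 550 for 'fail', 450 for a temporary error,
# 250 for everything else. "continue" means SPF raised no objection; other
# checks still decide whether the message is finally accepted.
POLICY = {"fail": (550, "reject"), "temperror": (450, "defer")}


def is_local_submission(ip):
    """True for loopback clients, which should not be SPF-checked at all."""
    return ipaddress.ip_address(ip).is_loopback


def spf_decision(ip, mail_from, helo, check=None, querytime=20):
    """Return (smtp_code, action, spf_result, explanation) for one MAIL FROM.

    `check` is any callable with the keyword interface of spf.check2; it is
    injectable so the policy can be exercised without live DNS.
    """
    if is_local_submission(ip):
        return 250, "continue", None, "local submission, SPF not evaluated"
    if check is None:
        import spf  # pyspf; imported lazily so the stub path needs no DNS
        check = spf.check2
    # querytime bounds the whole evaluation; 0 disables the overall limit and
    # leaves only the per-lookup limit (spf.MAX_PER_LOOKUP_TIME).
    result, explanation = check(i=ip, s=mail_from, h=helo, querytime=querytime)
    code, action = POLICY.get(result, (250, "continue"))
    return code, action, result, explanation


def stub_check2(i, s, h, querytime=20):
    """Constructed stand-in for spf.check2 with canned answers per domain."""
    canned = {
        "example.com": ("pass", "constructed: sender authorized"),
        "example.net": ("fail", "constructed: sender not authorized"),
        "example.org": ("temperror", "constructed: DNS timeout"),
    }
    return canned.get(s.rpartition("@")[2], ("neutral", "constructed: neutral"))


if __name__ == "__main__":
    samples = [("192.0.2.10", "a@example.com"), ("192.0.2.11", "b@example.net"),
               ("192.0.2.12", "c@example.org"), ("127.0.0.1", "root@example.net")]
    for ip, sender in samples:
        print(ip, sender, spf_decision(ip, sender, "mx.example", check=stub_check2))
```

Leaving `check` unset makes spf_decision call the real spf.check2, which requires pyspf and working DNS.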